Features Association bug with associating Website SSL with a virtual server

[swelljoe]

When trying to associate a domain with an existing VirtualHost in the Apache configuration, I get the following error:

Failed to associate features : Validation failed for Apache SSL website : No SSL certificate file specified in Apache virtual host

Which isn't true. The VirtualHost for the name on port 443 has SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile defined, and they point to files that exist (they are links from the user's home to files in the Let's Encrypt dir in /etc/letsencrypt/live/domainname).

So, either the error is misleading or the check isn't working correctly.

As far as I know, this VirtualHost was created by Virtualmin, so Virtualmin really ought to be able to recognize it as a valid VirtualHost to be imported/associated.

[swelljoe]

As an additional data point, I was able to associate the Apache website (even though it didn't come in during the import, which I would have expected to happen), so I think Virtualmin is looking in the right places. It just doesn't like this SSL VirtualHost.

[jcameron]

Hmm, that's an unusual error since it should only happen if there is no SSLCertificateFile in the Apache config.

How did you do the association exactly?

[swelljoe]

On the Associate Features page I checked the box for Apache SSL website, and chose "Yes" to "Require successful validation before saving".

The Apache website association by itself worked, but SSL won't work at all with validation enabled.

And, it definitely has an SSLCertificateFile.

I'll send you the whole httpd.conf privately.

[jcameron]

Ok I'll check out the config. Are you associating just the SSL feature, or the regular Apache website at the same time?

[swelljoe]

Associating both at the same time did not work (SSL failed validation), so I associated Apache website by itself, successfully. Now I'm just trying to associate Apache SSL website and failing validation.

[swelljoe]

More poking around, associating without validation "succeeds", but there's nothing there. Viewing directives shows this:

[swelljoe]

Oh, actually, turns out Apache website also failed to associate.

I guess Virtualmin doesn't actually know the domain name, somehow? I'm baffled by what it's doing.

[swelljoe]

Agh. The VirtualHost is pointing to /var/www for some reason.

[swelljoe]

So, somehow, Virtualmin decided that "default" (not a VirtualHost) was the right thing to import for this domain. I don't know how to make sense of that. The httpd.conf was wrong (/var/www isn't where that site is and isn't owned by that user, but, still, seems like Virtualmin should have done something more sensible than this or complained.

[swelljoe]

Fixing httpd.conf, disassociating both Apache/SSL website features, and then trying to re-associate gets a new error:

Failed to associate features : Validation failed for Apache website : PHP-FPM configuration error found : No listen directive found in FPM config

Seems like a thing that could be fixed by enabling/disabling, once associated. I'll try it without validation again.

[swelljoe]

Nope, it's still associating with...nothing? Not a VirtualHost, not sure what it's doing. Back to empty Show directives page.

[iliaross]

On the Associate Features page I checked the box for Apache SSL website, and chose "Yes" to "Require successful validation before saving".

In my tests I can also see that the validation fails false positively, for example:

Failed to associate features : Validation failed for Apache website : PHP is configured to run as the domain owner, but suEXEC is not enabled!


More poking around, associating without validation "succeeds", but there's nothing there.

I think we’re dealing with two separate issues here. One is a Virtualmin bug where validation doesn’t work correctly in some cases—though, to be clear, SSL association worked fine for me. The other issue in your case is actually broken Apache config, which would be useful to share here.